Both ypserv and ypbind are daemon
processes typically activated at system startup time from
/etc/nis. ypserv runs only on
NIS server machines with a complete NIS
database. The argument -localonly must be used
when starting the ypserv daemon on a copy-only
server and must never be used when starting the
ypserv daemon on a master server or slave
server. The optional argument -p# may
only be used when the ypserv daemon is started on
a copy-only server. ypbind runs on all machines
using NIS services, both NIS servers
and clients.

ypxfrd transfers the entire NIS maps in
an efficient manner. For systems that use this daemon, map
transfers will be 10 to 1,000 times faster, depending on
the map. To use this daemon, ypxfrd should be
run on an NIS server. ypxfr will
attempt to use ypxfrd first. If that fails, it
will print a warning message and then use the older
transfer method.

The ypserv daemon's primary function is to look
up information in its local database of NIS
maps. The operations performed by ypserv are
defined for the implementor by the NIS protocol
specification and for the programmer by the header file
<rpcsvc/yp_prot.h>. Communication to and from
ypserv is by means of RPC calls.
Lookup functions are described in
ypclnt(NS)
and are supplied as C-callable functions in
/usr/lib/libsocket.so. There are four lookup
functions, all of which are performed on a specified map
within some NIS domain: Match,
Get_first, Get_next, and
Get_all. The Match operation accepts a
key and returns the associated value. The
Get_first operation returns the first key-value
pair from the map and the Get_next operation can
be used to enumerate the remainder. Get_all
ships the entire map to the requester as the response to a
single RPC request.

Two other functions supply information about the map,
rather than map entries: Get_order_number and
Get_master_name. In fact, both order number and
master name exist in the map as key-value pairs, but the
server will not return either through the normal lookup
functions. (However, if you examine the map with
makedbm, they will be visible.) Other functions
are used within the NIS subsystem itself but are
not of general interest to NIS clients. They
include Do_you_serve_this_domain?,
Transfer_map, and
Reinitialize_internal_state.

The function of ypbind is to remember information
that lets client processes on a single node communicate
with some ypserv process. ypbind must
run on every machine which has NIS client
processes; ypserv may or may not be running on
the same node, but must be running somewhere on the
network.

The information ypbind remembers is called a
binding -- the association of a domain name
with the internet address of the NIS server and
the port on that host at which the ypserv process
is listening for service requests. This information is
cached in the directory /etc/yp/binding using a
filename of domainname.version.

The process of binding is driven by client requests. When
a request for an unbound domain comes in, the
ypbind process broadcasts on the net in order to
find a ypserv process that serves NIS
maps within that domain. Since the binding is established
by broadcasting, there must be at least one
ypserv process on every net. If the client is
running in C2 secure mode, then ypbind will only
accept bindings to servers where the ypserv
process is running as root and is using a
reserved port. Once a domain is bound by a particular
ypbind, that same binding is given to every
client process on this node. The ypbind process
on the local node (or a remote node) may be queried for the
binding of a particular domain by using the
ypwhich command.

Bindings are verified before they are given out to a client
process. If ypbind is unable to speak to the
ypserv process to which it is bound, it marks the
domain as unbound, tells the client process that the domain
is unbound, and tries to bind the domain once again.
Requests received for an unbound domain will fail
immediately. In general, a bound domain is marked as
unbound when the node running ypserv crashes or
gets overloaded. In such a case, ypbind will
bind to any NIS server which serves maps in that
domain (typically one that is less heavily loaded)
available on the net.

ypbind also accepts requests to set its binding
for a particular domain. The request is usually generated
by the NIS subsystem itself.
ypset(NADM)
is a command to access the Set_domain facility.
It is used for unsnarling messes, not for casual use.

Options

-d

The NIS service should go to the DNS
(Domain Name Service) for more host information.

-localonly

The presence of this argument tells the
ypserv daemon not to respond to outside requests.

-p#

The value of ``#'' tells the ypserv daemon
the interval, in minutes,
at which to poll a master server for updates to its
NIS maps. If -p is not included when
the ypserv daemon is started,
the daemon polls at the default time of 60 minutes.
The polling interval is logged in the file /usr/adm/nislog.

-s

secure. When specified, only NIS servers bound
to a reserved port are used. This allows for a slight
increase in security in completely controlled environments,
where there are no computers operated by untrusted
individuals. It offers no real increase in security.

-v

Do not fork when ypxfrd is called multiple times.

-ypset

A
ypset(NADM)
command issued from any machine may be used to change the
binding. This option poses serious security risks and
should only be used for debugging the network from a remote
machine.

-ypsetme

A
ypset(NADM)
command may be used to change the binding only if the
command is issued from the local machine. ypbind
determines that the local machine issued the command by
checking the IP address contained in the
RPC request. However, the -ypsetme
option can be defeated on any network where untrusted
individuals can inject packets with illegitimate
IP addresses.

Notes

Both ypbind and ypserv support multiple
domains. The ypserv process determines the
domains it serves by looking for directories of the same
name in the directory /etc/yp. It will reply to
all broadcasts requesting NIS service for that
domain. Additionally, the ypbind process can
maintain bindings to several domains and their servers. The
default domain is, however, the one specified by the
domainname(NC)
command at startup time.

The Set_domain procedure only accepts requests
from processes running as root and using a
reserved port.

Files

If the file /usr/adm/nislog exists when
ypserv starts up, log information will be written
to this file when error conditions arise.

/etc/yp/binding/domainname.version will be
created to speed up the binding process. These files cache
the last successful binding created for the given domain.
When a binding is requested, these files are checked for
validity and then used.